Joseph Wenzel reports that Centerstone, a provider of substance abuse and mental health services, is notifying employees and patients of a breach:
The investigation into the “IT security incident” started after an employee for Centerstone of Tennessee, Inc. noticed “unusual activity” involving their email account.
Centerstone said an independent computer forensics firm found certain current and former Centerstone patients and employees’ personal information was “accessed or acquired without authorization.”
This incident happened between December 12 and December 16, 2019.
Read more on WSMV.
Centerstone’s statement can be found on their site. They do not disclose exactly when they first became aware of the unusual activity in an employee’s email account or why it took until August 25 to figure out what employee email accounts had been compromised in December of 2019 and which had patient or employee information in them.